HK Hospital Authority steps up patient data security

HONG KONG, 8 MAY 2009 To enhance the awareness among public hospital staff in protection of personal data of patients, the Hospital Authority (HA) and the Office of Privacy Commissioner for Personal Data (PCPD) has launched the Care for Patients - Protect their Personal Data' campaign.

This is the first joint promotion of patient data privacy by the HA and the PCPD.

Through a series of training seminars on the Personal Data (Privacy) Ordinance, with interactive games and exhibitions, the campaign is aimed at strengthening the culture of privacy awareness in the daily routine of hospital staff with particular attention to preventing the loss and possible leakage of patients' personal data.

Likewise, the PCPD has designed an online self-learning programme to facilitate the training of healthcare workers on the protection of personal data. In the coming few months, 40 training seminars will be organised at various public hospitals.

Duty to protect

At the launching ceremony, Shane Solomon, chief executive of HA, said: We are committed to protecting the confidentiality of our patients' personal data since it is an important aspect of high-quality patient care. Protection of patient data is part of our duty. All of us in the authority need to work together and strengthen our culture of privacy awareness.

Roderick Woo from PCPD said: Patients' right to privacy is absolutely essential in the healthcare context. Data protection practices should be designed and adhered to so as to ensure that patients' privacy and dignity are protected.

I am glad to take a first and significant joint initiative with HA in mounting this campaign to enhance the protection of patients' data. I am confident that together, the HA and the Office of the Privacy Commissioner for Personal Data can create a culture of protection of personal privacy, Woo said.

Disciplinary action for policy breaches

The campaign is a response to a series of recommendations of the Task Force on Patient Data Security and Privacy made last year to enhance the monitoring and protection on the use of patient data, following a series of data security incidents in 2008.

HA polices and guidelines on protection of patients privacy are circulated to all hospital staff via Intranet and internal circulars.

At present, all hospital employees are also required to seek the hospital chief executive's approval when there is a practical need to use electronic storage devices.